Author Topic: Svchost.exe connections blocked by Avast  (Read 1679 times)

Offline Onky10

  • Newbie
  • *
  • Posts: 2
Svchost.exe connections blocked by Avast
« on: March 06, 2024, 05:51:28 PM »
Hello, I have a question about an issue that, so far, I was not able to solve.
On my PC, Avast interrupted the connection of the process C:\Windows\System32\svchost.exe with the IP address 151.139.87.59 on Feb 24th, and again with the IP address 151.139.87.97 on March 6th because they are "affected" by "URL:Blacklist".

The URL is precisely http://151.139.87.59/filestreamingservice/files/.../pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com

I have then run the complete antivirus scan both with Avast and MS Defender, including the in-depth scan at PC boot, and nothing malicious was found.
These IP addresses seem to be located near where I live in Frankfurt (Germany). See https://whois.domaintools.com/151.139.87.97 and https://whois.domaintools.com/151.139.87.5 for example. Both IPs are also reported clean on https://www.virustotal.com/.

Is anyone able to explain why these addresses are in the Avast blacklist? And is there anything else to check what's the root cause of Avast Premium Security blocking the connection of C:\Windows\System32\svchost.exe, if nothing malicious can be found on my PC either by Avast or MS Defender?

Thank you for your help!
« Last Edit: March 06, 2024, 08:47:03 PM by Onky10 »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5712
  • Spartan Warrior
Re: Svchost.exe connections blocked by Avast
« Reply #1 on: March 06, 2024, 06:05:22 PM »
If you think these detections are a false positive you may report such to Avast here:  https://www.avast.com/false-positive-file-form.php#pc

You should get a reply in a few days or so.
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33973
  • malware fighter
Re: Svchost.exe connections blocked by Avast
« Reply #2 on: March 07, 2024, 11:52:20 AM »
As reported before elsewhere on these forums abuse has been reported on 151.139.87.97 for Stack Path:
https://www.abuseipdb.com/check/151.139.87.97
Potentially Bad Traffic, Potential Corporate Privacy Violation

Wait for a final verdict from Avast,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Onky10

  • Newbie
  • *
  • Posts: 2
Re: Svchost.exe connections blocked by Avast
« Reply #3 on: March 10, 2024, 10:55:05 AM »
Thank you, it looks like 151.139.87.97 is reported clean on https://www.virustotal.com/ , but as you say it's been reported recently on https://www.abuseipdb.com/check/151.139.87.97

At this point, I am not sure if it's a good idea to report it as a false positive - any idea about this?

In any case, I'll keep an eye on it.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33973
  • malware fighter
Re: Svchost.exe connections blocked by Avast
« Reply #4 on: March 10, 2024, 01:35:27 PM »
Hi Onky10,

Better wait for a final verdict from Avast. About possible SSH attacks (https://www.shodan.io/host/151.139.87.97),
see the discussion here at information security: https://security.stackexchange.com/questions/256579/any-known-ssh-attacks-vulnerabilities-other-than-brute-force-dictionary-attacks
Also in this case: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

There must have been something that must have triggered this, and it was not only you reporting.

polonus